problem with postfix/smtp-auth and tls

Discussion in 'Server Operation' started by mmistroni, Jan 13, 2008.

  1. mmistroni

    mmistroni New Member

    hello all,
    i have followed a good tutorial here

    http://www.howtoforge.com/perfect_setup_ubuntu704_p5

    to install a mail server on my ubuntu VPS.

    However, at this step

    telnet localhost 25

    my screen just shows this:

    Trying 127.0.0.1...
    Connected to locahost
    Escape characters is '^]'

    and that's it. even if i enter ehlo localhost, nothing happens

    i had a look at mail.err, and here's the output

    it's full of 'fatal: SASL per-process initialization failed'

    and i don't know where to look for problems...
    could anyone help me out?

    thanks and regards
    Marco
     
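An added example (mine, not from the thread) of what the `telnet localhost 25` test is supposed to show, and how the failure described in this post looks from the client side. In a working setup the server greets with a 220 banner as soon as the connection is accepted, and EHLO is answered with a multi-line 250 reply listing STARTTLS and the AUTH mechanisms. When smtpd dies during its own initialization, which is what "SASL per-process initialization failed" means, the kernel still completes the TCP handshake (so telnet prints "Connected") but no 220 ever arrives, hence the blank screen. The server side below is a fake SMTP listener on 127.0.0.1 so the exchange runs offline; the capability list, the hostname mail.example.test and every message are constructed. `probe_smtp()` works unchanged against a real host and port.

```python
"""Healthy vs. silent SMTP greeting, the exchange behind 'telnet localhost 25'.

Added example, not code from the thread. A fake SMTP listener stands in for
Postfix so it runs offline; probe_smtp() works unchanged against a real server.
"""
import socket
import threading

# Constructed EHLO reply modelled on a Postfix with TLS and SASL enabled.
HEALTHY_CAPS = ["250-mail.example.test", "250-STARTTLS",
                "250-AUTH PLAIN LOGIN", "250 8BITMIME"]


def start_fake_smtpd(caps=HEALTHY_CAPS, send_banner=True):
    """Listen on an ephemeral loopback port, serve one connection in a thread
    and return the port. send_banner=False imitates an smtpd child that exits
    during initialization: the TCP connect succeeds but no 220 is ever sent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        try:
            with conn:
                if not send_banner:
                    return                  # close silently, like a dying smtpd
                conn.sendall(b"220 mail.example.test ESMTP Postfix\r\n")
                for raw in conn.makefile("rb"):
                    cmd = raw.decode("ascii", "replace").strip().upper()
                    if cmd.startswith("EHLO"):
                        conn.sendall(("\r\n".join(caps) + "\r\n").encode("ascii"))
                    elif cmd == "QUIT":
                        conn.sendall(b"221 2.0.0 Bye\r\n")
                        return
                    else:
                        conn.sendall(b"502 5.5.2 Error: command not recognized\r\n")
        except OSError:
            pass                            # peer went away; nothing to do

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe_smtp(host, port, timeout=3.0):
    """Connect, read the banner, send EHLO and parse the 250 capability list.
    Returns {'banner': str or None, 'starttls': bool, 'auth': [mechanisms]};
    banner is None when the peer closed (or said nothing useful) before 220."""
    result = {"banner": None, "starttls": False, "auth": []}
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        banner = f.readline().decode("ascii", "replace").strip()
        if not banner.startswith("220"):
            return result               # b'' here means: connected, then EOF
        result["banner"] = banner
        s.sendall(b"EHLO probe.example.test\r\n")
        while True:
            line = f.readline().decode("ascii", "replace").rstrip("\r\n")
            if not line.startswith("250"):
                break                   # error reply or connection dropped
            words = line[4:].split()
            head = words[0].upper() if words else ""
            if head == "STARTTLS":
                result["starttls"] = True
            elif head == "AUTH":                 # "250-AUTH PLAIN LOGIN"
                result["auth"] = [m.upper() for m in words[1:]]
            elif head.startswith("AUTH="):       # legacy form for broken clients
                result["auth"] = [head[5:]] + [m.upper() for m in words[1:]]
            if line[3:4] == " ":
                break                   # "250 " (space) ends the reply
        s.sendall(b"QUIT\r\n")
    return result


if __name__ == "__main__":
    print("working server:", probe_smtp("127.0.0.1", start_fake_smtpd()))
    print("silent server: ", probe_smtp("127.0.0.1", start_fake_smtpd(send_banner=False)))
```

Against a real Postfix the silent case returns a `banner` of None within the connect timeout, and the healthy case shows whether STARTTLS and the expected AUTH mechanisms are actually being offered; a server that answers EHLO with neither is what "works fine without tls" looks like later in this thread.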
  2. mmistroni

    mmistroni New Member

    hello,
    i forgot to post the content of my postfix main.cf file and sasl/smtpd.conf

    ********** main.cf **************
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = www.worldcorpservices.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = www.worldcorpservices.com, localhost.worldcorpservices.com, , localhost
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command =
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/

    ************smtpd.conf ***************
    pwcheck_method: saslauthd
    mech_list : plain login

    could anyone help?

    thanks and regards
    marco
     
  3. falko

    falko Super Moderator Howtoforge Staff

    What's in /etc/mailname and /etc/hosts? What's the output of
    Code:
    hostname
    and
    Code:
    hostname -f
    ?
     
  4. mmistroni

    mmistroni New Member

    Hello Falko,
    thanks for the reply
    thing is, my host was already configured with the VPS, so while installing postfix i left as input what was given to me.
    my hostname is www.worldcorpservices.com
    it's the same entry in /etc/mailname

    should i have put server1.worldcorpservices.com instead of accepting what was on the screen (www.worldcorpservices.com)?

    thanks and regards
    Marco
     
  5. falko

    falko Super Moderator Howtoforge Staff

    That's ok. Did you configure saslauthd exactly as shown in the tutorial?
     
  6. mmistroni

    mmistroni New Member

    Hello,
    well i thought so...
    below is my saslauthd from /etc/default

    Code:
    #
    # Settings for saslauthd daemon
    #
    
    # Should saslauthd run automatically on startup? (default: no)
    START=yes
    
    
    PWDIR="/var/spool/postfix/var/run/saslauthd"
    PARAMS="-m ${PWDIR}"
    PIDFILE="${PWDIR}/saslauthd.pid"
    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    OPTIONS="-c "
    
    Note that i also tried, as explained in the tutorial, to add this

    -m /var/spool/postfix/var/run/saslauthd

    but still got the same result..
    additionally, while i'm here i'd like to ask you a few questions about email...
    once everything is set up, can i send mail to [email protected]? or what do i need? to create an info user?
    or, mail will be [email protected] ...?

    sorry but i'm a newbie in this, i'm taking the opportunity to learn server stuff....

    thanks for your patience and regards
    marco
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Make it look exactly as follows:
    Code:
    #
    # Settings for saslauthd daemon
    #
    
    # Should saslauthd run automatically on startup? (default: no)
    START=yes
    
    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    OPTIONS="-c  -m /var/spool/postfix/var/run/saslauthd -r"
    You can either install ISPConfig and use it to create email addresses, or you do it as shown here: http://www.howtoforge.com/forums/showthread.php?t=2
     
  8. mmistroni

    mmistroni New Member

    Falko,
    thanks for the help but i am still at square 1....
    here is again /etc/default/saslauthd

    Code:
    #
    # Settings for saslauthd daemon
    #
    
    # Should saslauthd run automatically on startup? (default: no)
    START=yes
    
    
    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    OPTIONS="-c  -m /var/spool/postfix/var/run/saslauthd -r"
    
    here's again my mail.err
    Code:
    Jan 20 18:59:37 ubuntu-7 postfix/smtpd[715]: fatal: SASL per-process initialization failed
    Jan 20 19:00:38 ubuntu-7 postfix/smtpd[718]: fatal: SASL per-process initialization failed
    Jan 20 19:01:39 ubuntu-7 postfix/smtpd[721]: fatal: SASL per-process initialization failed
    
    in the setup example, it shows basically two main config files, postfix's main.cf plus saslauthd.
    below again is the main.cf
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = www.worldcorpservices.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = www.worldcorpservices.com, localhost.worldcorpservices.com, , localhost
    relayhost = 
    mynetworks = 127.0.0.0/8
    mailbox_command = 
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain = 
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/
    
    how can i narrow down the problem?
    shall i just tell postfix not to use saslauthd?

    thanks and regards

    marco
     
  9. mmistroni

    mmistroni New Member

    falko,
    by googling the problem i got pointed to another thread where you were suggesting to check for proper libraries installed. it's here

    http://www.howtoforge.com/forums/showthread.php?t=3060

    when i try to install postfix-tls, i get this message from my server

    Package postfix-tls is a virtual package provided by:
    postfix-2.4.5-3~feisty1
    You should explicitly select one to install
    E: package postfix-tls has no installation candidate

    can that be the problem?

    thanks and regards
    marco
     
  10. mmistroni

    mmistroni New Member

    Falko,
    noticed that if i configure postfix so that it does not use tls, everything works fine when i do telnet localhost 25

    my guess is that i somehow screwed up when i created the certificate.... i'll post here all the steps i do to create the certificate, i might be doing something wrong

    on the other hand, what are the risks/threats if i don't use sasl/tls together with postfix?

    thanks and regards
    marco
     
  11. falko

    falko Super Moderator Howtoforge Staff

    TLS is included in newer Postfix versions, so you don't have to install it.

    Please recreate the certificate and accept all default values.
     
  12. mmistroni

    mmistroni New Member

    Falko,
    thanks for still being on the thread :)

    i'm going to do what you suggest ASAP

    i must inform you that in creating a certificate, multiple times system asked me to enter a password (well, at least 3 times). shall i enter 'nothing' as password?

    i'll post asap steps (including ALL values i entered in the process)

    regards
    marco
     
  13. falko

    falko Super Moderator Howtoforge Staff

    Yes, simply press ENTER.
     
  14. mmistroni

    mmistroni New Member

    falko,
    when i entered the first command
    Code:
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    
    at the end it asks me for a password, and it won't continue unless i enter at least 4 chars......

    is this normal?

    thanks an dregards
    marco
     
  15. mmistroni

    mmistroni New Member

    forgot to mention..
    i'm on Feisty Fawn, using openssh 1.4.3.....
     
  16. mmistroni

    mmistroni New Member

    sorry.. got confused, posted openssh instead of openssl

    i have openssl version 0.9.8c
     
  17. falko

    falko Super Moderator Howtoforge Staff

    Oh, you mean _that_ password... Yes, simply enter a password you like.
     
  18. mmistroni

    mmistroni New Member

    Falko,
    just to try i entered the string 'aaaa' ... and i entered it for every subsequent
    operation where it asked me for a password

    but at the end, when i did telnet localhost 25 and typed the string to verify (think it was ehlo something..) i got no 'answer'..... nothing got displayed on the screen

    somehow, i might be doing something wrong somewhere.. because if the difference between using tls/saslauthd and not using it is just the certificate, then i suspect there's something wrong in the way i create certificates....

    i'll retry one more time.. i'm going to use exactly the same password whenever i am asked for one....

    i'll post the result here. thanks falko for being patient.. i realize i'm a pain :(

    regards
    marco
     
  19. falko

    falko Super Moderator Howtoforge Staff

    What's in /etc/postfix/sasl/smtpd.conf?
     
  20. mmistroni

    mmistroni New Member

    falko,
    here's my /etc/postfix/sasl/smtpd.conf
    Code:
    pwcheck_method: saslauthd
    mech_list : plain login
    

    thanks and regards
    marco
     
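The thread asks how to narrow the problem down (post 8), what the risk of running SMTP AUTH without TLS is (post 10), walks through creating a passphrase-protected key with `openssl genrsa -des3` (posts 14 to 18), and ends on the contents of /etc/postfix/sasl/smtpd.conf (post 20). The script below is an added example (mine, not code from the thread or the howtoforge tutorial) that checks all of that offline against the text of the files: it parses main.cf including continuation lines, parses the Cyrus SASL smtpd.conf the strict way Cyrus does, and inspects the PEM headers of the TLS key. Three checks are the ones that matter here. Cyrus SASL's config reader takes the key as the run of letters, digits, `-` and `_` and insists that the colon follows immediately, so a line written as `mech_list : plain login` (whitespace before the colon) is a config error that makes sasl_server_init() fail, and Postfix reports that failure as exactly the "SASL per-process initialization failed" fatal seen in the logs above; the checker flags that form so it can be ruled in or out. `smtpd_tls_auth_only = no`, as in the posted main.cf, lets a client send AUTH PLAIN or LOGIN before STARTTLS, so the base64-encoded username and password cross the wire in cleartext; that is the concrete risk behind post 10's question, and `yes` is the safe value once TLS works. And a key produced with `-des3` is encrypted under the passphrase entered at the prompt; Postfix cannot prompt for it at startup, so the file installed as smtpd_tls_key_file must be the unencrypted form (`openssl rsa -in smtpd.key -out smtpd.key.unencrypted` strips it). All sample inputs are constructed: the main.cf is a trimmed copy of the thread's with the hostname replaced by mail.example.test, and the PEM stubs carry real headers with the key body omitted.

```python
"""Offline sanity checks for a Postfix SMTP-AUTH + TLS configuration.

Added example, not code from the thread or the howtoforge tutorial. It reads
the text of main.cf, /etc/postfix/sasl/smtpd.conf and the TLS private key and
reports the mistakes that produce the symptoms discussed in the thread.
"""
import re

# Constructed sample inputs, modelled on the thread with the hostname replaced.
MAIN_CF = """\
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
myhostname = mail.example.test
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_tls_auth_only = no
"""
SASL_CONF_TYPO = "pwcheck_method: saslauthd\nmech_list : plain login\n"  # space before ':'
SASL_CONF_OK = "pwcheck_method: saslauthd\nmech_list: plain login\n"
# PEM stubs: real headers, base64 body replaced by '...'.
KEY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0011223344556677\n\n...\n"
                 "-----END RSA PRIVATE KEY-----\n")
KEY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n"

SASL_LINE = re.compile(r"^([A-Za-z0-9_-]+):\s*(\S.*)$")


def parse_main_cf(text):
    """Postfix main.cf: 'name = value', '#' comments, and continuation lines
    that start with whitespace. A later assignment overrides an earlier one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params


def parse_sasl_conf(text):
    """Cyrus SASL smtpd.conf. Cyrus takes the key as the run of [A-Za-z0-9_-]
    characters and insists the ':' follows immediately, so 'mech_list : ...'
    is a config error that makes sasl_server_init() fail. Returns (options,
    errors) with keys lower-cased, the way Cyrus normalizes them."""
    options, errors = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SASL_LINE.match(line)
        if m is None:
            errors.append(f"smtpd.conf line {n}: not 'key: value' -> {line!r}")
            continue
        options[m.group(1).lower()] = m.group(2).strip()
    return options, errors


def key_is_encrypted(pem):
    """True for a passphrase-protected PEM key (PKCS#8 'ENCRYPTED PRIVATE KEY'
    or a legacy key with a 'Proc-Type: 4,ENCRYPTED' header). Postfix cannot
    prompt for a passphrase, so smtpd_tls_key_file must be unencrypted."""
    first = pem.lstrip().split("\n", 1)[0]
    return "ENCRYPTED PRIVATE KEY" in first or "Proc-Type: 4,ENCRYPTED" in pem


def audit(main_cf_text, sasl_conf_text, key_pem=None):
    """Return a list of (code, message) findings; an empty list means clean."""
    p = parse_main_cf(main_cf_text)
    found = []
    if p.get("smtpd_sasl_auth_enable", "no") == "yes":
        opts, errs = parse_sasl_conf(sasl_conf_text)
        found += [("sasl-syntax", e) for e in errs]
        if opts.get("pwcheck_method") != "saslauthd":   # the setup in this thread
            found.append(("sasl-pwcheck", "pwcheck_method is not saslauthd"))
        if "noanonymous" not in p.get("smtpd_sasl_security_options", ""):
            found.append(("sasl-anonymous", "smtpd_sasl_security_options lacks noanonymous"))
        if p.get("smtpd_tls_auth_only", "no") != "yes":
            found.append(("auth-cleartext", "smtpd_tls_auth_only = no: AUTH PLAIN/LOGIN "
                          "may be sent before STARTTLS, i.e. credentials in cleartext"))
    if p.get("smtpd_use_tls", "no") == "yes" and key_pem is not None and key_is_encrypted(key_pem):
        found.append(("key-encrypted", "smtpd_tls_key_file is passphrase-protected"))
    # Postfix 2.4-era relay check; 2.10+ also has smtpd_relay_restrictions.
    if "reject_unauth_destination" not in p.get("smtpd_recipient_restrictions", ""):
        found.append(("open-relay", "smtpd_recipient_restrictions lacks reject_unauth_destination"))
    return found


if __name__ == "__main__":
    for code, msg in audit(MAIN_CF, SASL_CONF_TYPO, KEY_ENCRYPTED):
        print(f"[{code}] {msg}")
```

To run it against a live box, read the three files with `open(...).read()` and pass the strings to `audit()`; the findings are tagged so the output can be grepped, and a clean configuration returns an empty list.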
